Expanding the arc of global corporate compliance

Today’s world of corporate compliance is characterized by an increasing number of enforcement actions related to bribery and corruption. Co-operation and information sharing between enforcement agencies on multi-jurisdictional cases is also increasing. Parallelly, nations such as Brazil, Canada, Mexico, France, India, Russia, Spain and Korea are either adopting anti-bribery laws or strengthening existing legislations. By the end of the last year and when the US administration changed, 27 companies had reportedly paid approximately US$2.5 billion in settlements under the US Foreign Corrupt Practices Act (FCPA), the flagship anti-bribery law. With FCPA reaching its 40th year, 2016 has perhaps been a record-setter of sorts.

In India, the last few years have seen an upswing in regulations and shifting public sentiment on combating corruption. Government initiatives such as proposed legislative reforms and demonetization coupled with digitization initiatives indicate a strong resolve to weed out unethical and corrupt practices. In line with global anti-bribery and anti-corruption laws (FCPA, UK Bribery Act), OECD guidances and international conventions, amendments are expected in local regulations to tackle the demand as well as supply side of corruption. These include proposed amendments to the Prevention of Corruption Act, 1988 (POCA), which is the primary anti-corruption legislation in India.

In the first decade of the new millennium, anti-bribery and anti-corruption (ABAC) compliance was still at a nascent stage for many organizations, as the focus was primarily on putting frameworks in place. However, over the last few years, many global regulatory agencies have indicated the need for organizations to go beyond this and assess the adequacy of their compliance frameworks. This indicates that mere existence of a framework may not be enough, thus calling for a substance-over-form approach.

Developed economies such as US and UK have released several guidance notes on setting up of compliance frameworks, such as US FCPA guide, UK Bribery Act’s suggested six compliance principles and the OECD Handbook. The most recent addition is the US Department of Justice’s guidance note on Evaluation of Corporate Compliance Programs in February this year. It details key factors that should be considered while evaluating existing ABAC compliance programs as well as questions that prosecutors may ask (around compliance programs) in the context of an investigation. Though the guidance is directed at organizations under investigation, it can be used by entities to proactively assess their compliance programs in line with the regulator’s expectations

While an individual assessment of every case would be required, the Department of Justice (DOJ) has released a common set of questions and topics that can be taken into consideration. These cover aspects of analysis and remediation of underlying misconduct, tone at the top, autonomy and resources, policies and procedures, risk assessment, training and communication, confidential reporting and investigation, incentives and disciplinary measures, third-party management and continuous improvements.

What does this mean for organizations?

The DOJ’s guidance is relevant for leading companies to consider and adopt to drive compliance in today’s shrinking world with heightened global enforcement. While many factors enumerated are an extension of previously outlined reforms, the note serves as a guidance for those in compliance roles within organizations to now have a defined list of factors to consider when evaluating the ABAC compliance program. Such evaluation can help them understand the efficacy of the existing mechanisms and whether they are commensurate to their risk exposure. Adequate and timely implementation, upgrades, monitoring and evaluation could be considered by prosecutors while investigating unethical practices and determining the severity of actions, charges or penalties in case a misconduct is identified. Organizations should be cognizant of the fact that the cost of compliance can potentially be less than the cost of potential penalties because of non-compliance.

It is important today to go beyond minimum compliance requirements, and develop and improve programs that are robust. Organizations must motivate their employees to act ethically, provide training and awareness opportunities, and encourage a transparent culture for them to report concerns, if any. This should be reinforced by an effective risk management process that utilizes technology to identify and mitigate external threats, such as those posed by potential business relationships.